AML Policy

1. Introduction

BroLabel OÜ is committed to the highest standards of Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) compliance. This policy reflects our obligations under the EU's Anti-Money Laundering Directives (AMLD5/AMLD6), the Estonian Money Laundering and Terrorist Financing Prevention Act, and applicable FATF recommendations.

Our AML/CFT program is designed to prevent the use of BroLabel's infrastructure for illicit financial activity. All partners, users, and counterparties are subject to this policy as a condition of accessing our services.

2. KYC Requirements

All clients and end-users must undergo Know Your Customer (KYC) or Know Your Business (KYB) verification before accessing BroLabel services:

Individual clients: Government-issued photo ID (passport or national identity card), proof of address (issued within 3 months), selfie verification, and source of funds declaration for high-risk or high-volume users.

Corporate clients: Certificate of incorporation, beneficial ownership register (UBO — Ultimate Beneficial Owners with 25%+ ownership), director identification, corporate bank statement, and AML policy of the client entity. Enhanced due diligence (EDD) applies to clients in high-risk jurisdictions or those with complex ownership structures.

3. Transaction Monitoring

BroLabel employs a multi-layered real-time transaction monitoring system to detect suspicious activity:

Sanctions screening: All transactions and counterparties are screened in real-time against OFAC (SDN list), EU consolidated sanctions list, UN Security Council sanctions, and FATF blacklisted/greylisted jurisdictions.

Blockchain analytics: On-chain transactions are analyzed using Chainalysis to detect wallet addresses associated with darknet markets, ransomware, mixers, sanctioned entities, and other illicit activity. Transactions flagged above defined risk thresholds are blocked pending review.

Behavioral monitoring: Unusual transaction patterns — including rapid structuring, unusual volume spikes, or transactions inconsistent with declared business purpose — trigger automated alerts for human review.

4. Risk Assessment

BroLabel applies a risk-based approach to AML/CFT, categorizing clients and transactions into three risk tiers:

Low risk: Clients in low-risk jurisdictions with established business history, transparent ownership structure, and transaction volumes consistent with their business profile. Subject to standard due diligence and periodic monitoring.

Medium risk: Clients with complex ownership structures, high transaction volumes, or operating in sectors with elevated ML/TF exposure. Subject to enhanced ongoing monitoring and annual review.

High risk: Clients from FATF high-risk or non-cooperative jurisdictions, Politically Exposed Persons (PEPs), or those with adverse media findings. Subject to Enhanced Due Diligence (EDD), senior management approval, and quarterly review. BroLabel reserves the right to decline service to high-risk entities.

5. Suspicious Activity Reporting

BroLabel is obligated to file Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs) with the Estonian Financial Intelligence Unit (FIU) when we have reasonable grounds to suspect that a transaction or funds are related to money laundering or terrorist financing.

All BroLabel employees are required to report any suspicious activity to our Compliance Officer immediately. We maintain a strict no-tipping-off policy — clients may not be informed that a SAR has been filed or that their account is under investigation.

6. Record Keeping

BroLabel maintains comprehensive records in compliance with applicable AML legislation:

All KYC/KYB documentation, transaction records, due diligence reports, SAR filings, and AML screening results are retained for a minimum of 5 years from the date of the transaction or the end of the business relationship, whichever is later. Records are stored securely and are available for inspection by competent authorities upon request. For clients subject to AML obligations under Estonian law, the retention period extends to 7 years.

7. Staff Training

BroLabel maintains a comprehensive AML/CFT training program for all personnel. All new employees complete mandatory AML training before handling client data or transactions. Existing staff complete annual refresher training covering regulatory updates, typologies, and internal procedures.

Our Compliance Officer receives ongoing specialized training in financial crime prevention, blockchain analytics, and virtual asset regulatory developments. Training completion is tracked and documented as part of our regulatory obligations.

8. Contact

For compliance-related inquiries, KYC/KYB questions, or to report concerns about potential financial crime, contact our Compliance team at compliance@brolabel.io.